This is the exact text from The Tech Herald, a paper in Baltimore, Maryland. This is absolutely frightening!
In a letter sent to Maryland’s Identity Theft Program, Johns Hopkins Hospital reported that a single insider might have exposed patient records, over 10,000 of them, after an internal investigation into identity theft discovered a common link with the victims and the hospital.
The story starts in January, when Johns Hopkins started to receive reports from law enforcement, and some individuals themselves, that they were victims of identity theft. Johns Hopkins, with the aid of its corporate security department, local law enforcement, the USPS and Secret Service, narrowed the potential cause of the personal information leak to a single employee with access to the records in question.
Said employee, who is not named in the disclosure letter, had access to patient records as a part of her job at the hospital. Her job, it is explained, was in the patient registration area of the hospital. Law enforcement officials said there might be a link to the employee and a recent Virginia driver’s license scheme, while also admitting there might be more than one source of stolen information in the Baltimore area. Since 31 of the confirmed 46 identity theft victims could be tied to the hospital, later tracked back to this employee, the letter says an indictment is expected soon.
Yet, this is where things get muddled. According to the letter, there is no certain evidence of a crime, and while the investigation narrowed it down to a single person, “there is no absolute certainty, at this time, that she was the source of the information,” according to the letter. However, because there is the off chance that she was the source of the information leakage, the hospital has moved to inform everyone who could be at risk.
For the 31 people identified as having any connection to the hospital, Johns Hopkins said it will offer two years of credit monitoring and $30,000 USD worth of reimbursements. Moreover, 526 people will get one year of credit monitoring and the same reimbursement; these are people who have Virginia addresses, who might be linked to the driver’s license scam. Lastly, 10,200 people will get a letter advising them of the steps to take to monitor their credit and report any suspicious activity, but they do not get the monitoring or reimbursement.
The morale of this story, as with all Identity Theft matters, is: Get protected with a service!!! I can recommend one.